svn commit: r460596 - in branches/2018Q1/mail/dovecot: . files
Niclas Zeising
zeising at FreeBSD.org
Thu Feb 1 13:28:10 UTC 2018
Author: zeising
Date: Thu Feb 1 13:28:09 2018
New Revision: 460596
URL: https://svnweb.freebsd.org/changeset/ports/460596
Log:
MFH: r460590
Complete fix for CVE-2017-15132
Complete fix for CVE-2017-15132, the previous fix was not enough, and caused
the request to remain after an abort, causing a use-after-free later on.
PR: 225585
Submitted by: Vladimir Krstulja
Approved by: adamw (maintainer)
Approved by: ports-secteam (implicit, security fix)
Added:
branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c
- copied unchanged from r460590, head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c
branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h
- copied unchanged from r460590, head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h
Modified:
branches/2018Q1/mail/dovecot/Makefile
branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c
Directory Properties:
branches/2018Q1/ (props changed)
Modified: branches/2018Q1/mail/dovecot/Makefile
==============================================================================
--- branches/2018Q1/mail/dovecot/Makefile Thu Feb 1 13:26:01 2018 (r460595)
+++ branches/2018Q1/mail/dovecot/Makefile Thu Feb 1 13:28:09 2018 (r460596)
@@ -13,7 +13,7 @@
PORTNAME= dovecot
PORTVERSION= 2.2.33.2
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= mail ipv6
MASTER_SITES= https://www.dovecot.org/releases/2.2/
Modified: branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c
==============================================================================
--- branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c Thu Feb 1 13:26:01 2018 (r460595)
+++ branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c Thu Feb 1 13:28:09 2018 (r460596)
@@ -1,10 +1,12 @@
--- src/lib-auth/auth-client-request.c.orig 2017-10-05 17:10:44 UTC
+++ src/lib-auth/auth-client-request.c
-@@ -180,6 +180,7 @@ void auth_client_request_abort(struct auth_client_requ
+@@ -180,6 +180,9 @@ void auth_client_request_abort(struct auth_client_requ
auth_client_send_cancel(request->conn->client, request->id);
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
-+ pool_unref(&request->pool);
++ /* remove the request */
++ auth_server_connection_remove_request(request->conn, request->id);
++ pool_unref(&request->pool);
}
unsigned int auth_client_request_get_id(struct auth_client_request *request)
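Review bot: in auth_client_request_abort(), the new comment "/* remove the request */" only restates the call beneath it and does not say why the order matters. The commit log explains that the earlier fix left the request registered after an abort, which led to a use-after-free, so the comment should state that the entry has to leave conn->requests before pool_unref(&request->pool) releases the request. Separately, call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL) still runs while the request is registered, and request->conn and request->id are read after it returns; it is worth confirming that no callback can release or re-abort the request on that path.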
Copied: branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c (from r460590, head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c Thu Feb 1 13:28:09 2018 (r460596, copy of r460590, head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c)
@@ -0,0 +1,13 @@
+--- src/lib-auth/auth-server-connection.c.orig 2017-10-05 17:10:44 UTC
++++ src/lib-auth/auth-server-connection.c
+@@ -481,3 +481,10 @@ auth_server_connection_add_request(struct auth_server_
+ hash_table_insert(conn->requests, POINTER_CAST(id), request);
+ return id;
+ }
++
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++ unsigned int id)
++{
++ i_assert(conn->handshake_received);
++ hash_table_remove(conn->requests, POINTER_CAST(id));
++}
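Review bot: the i_assert(conn->handshake_received) at the top of auth_server_connection_remove_request() turns an abort on a connection whose handshake flag is clear into a process abort, and nothing in this hunk shows that auth_client_request_abort() can only reach it after the handshake. hash_table_remove(conn->requests, POINTER_CAST(id)) does not depend on that flag, so either drop the assert from the removal path or add a comment naming the invariant that guarantees it holds whenever a request exists.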
Copied: branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h (from r460590, head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h Thu Feb 1 13:28:09 2018 (r460596, copy of r460590, head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h)
@@ -0,0 +1,9 @@
+--- src/lib-auth/auth-server-connection.h.orig 2017-10-05 17:10:44 UTC
++++ src/lib-auth/auth-server-connection.h
+@@ -38,4 +38,6 @@ void auth_server_connection_disconnect(struct auth_ser
+ unsigned int
+ auth_server_connection_add_request(struct auth_server_connection *conn,
+ struct auth_client_request *request);
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++ unsigned int id);
+ #endif
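Review bot: the prototype for auth_server_connection_remove_request() is added without any comment on ownership. The header should say that the function only unlinks the id from the connection's request table and leaves freeing the request to the caller, as auth_client_request_abort() does with pool_unref(&request->pool), so that later callers neither assume it frees the request nor free a request that is still registered.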